Skip to main content

Here's another important reason to patch your VPN now

VPN
(Image credit: Shutterstock.com)
Audio player loading…

Security experts always recommend that organizations install the latest patches when they become available but this advice has gone unheeded by many owners of Fortinet's enterprise VPN (opens in new tab) devices.

Back in 2019, the path traversal vulnerability in the web portal of FortinetOS’ SSL VPN devices (tracked as CVE-2018-13379 (opens in new tab)) became widely known. While the issue was addressed and patched by the company, a large number of organization have not yet applied Fortinet's critical security update released several years ago.

Now the UK's National Cyber Security Centre (NCSC (opens in new tab)) has released a new advisory warning that cybercriminals as well as Advanced Persistent Threat (APT) actors are actively scanning for unpatched VPN servers and attempting to exploit the CVE-2018-13379 vulnerability. In fact, so many companies have failed to apply the security update that ready-made lists containing the IP addresses of vulnerable servers and internet-facing devices started appearing on dark web forums (opens in new tab) last fall. 

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab) <<

One of the ways in which cybercriminals are now actively leveraging the vulnerability is to install the Cring ransomware (opens in new tab)on unpatched VPN servers according to a recent report from Kaspersky.

Already compromised

In its new advisory (opens in new tab) the NCSC warned organizations that they should assume any unpatched devices are already compromised, saying:

“The NCSC is advising organisations which are using Fortinet VPN devices where security updates have not been installed, to assume they are now compromised and to begin incident management procedures. Users of all Fortinet VPN devices should check whether the 2019 updates have been installed. If not, the NCSC recommends that as soon as possible, the affected device should be removed from service, returned to a factory default, reconfigured and then returned to service.” 

In addition to being infected with the Cring ransomware, the NCSC, CISA and FBI (opens in new tab) have all warned organizations that  nation-state hacking groups are actively scanning for unpatched devices in order to gain access to networks to carry out cyber espionage (opens in new tab) campaigns.

Failing to install the latest patches in one thing but when a security update was released two years ago, organizations have no excuse as to why they've put off applying it. If you company uses Fortinet VPN devices, you should check to see if the latest updates have been applied and if not, they should be installed immediately to avoid falling victim to ransomware and other attacks that exploit the CVE-2018-13379 vulnerability.

Via ZDNet (opens in new tab)

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.